Mobile malware, as is probably obvious, is malicious software that affects mobile devices. It is something that most people do not worry about but should. Here’s everything you need to know about mobile viruses and 9 tips to prevent them.
Living without a smartphone is unimaginable for a lot of people in today’s modern society. Most people have smartphones, tablets, e-book readers, etc. These devices have the same functionality as conventional computers, and therefore have similar security issues that lead to data loss or breach.
Security experts around the world predict that the amount of malware for mobile devices will grow as the number of smartphones has already reached such a scale that it is useful for criminals to distribute malicious software not only to computers but also to smart devices.
Mobile malware development trends:
- Fake mobile app stores. In recent years, there has been a particularly rapid increase in malicious apps for smartphones. While a lot of those dubious programs can be found on app stores like Google Play, the majority of malware is hosted on third-party app stores. This tendency to create fake app stores will only grow in the future as this is a fairly easy way to scam people. Fake app stores are particularly popular in China.
- Malicious ads in mobile apps. By clicking on ads displayed in free apps, the user can be redirected to fake app stores where he/she may be tricked into installing malicious apps. A certain type of malicious app could subscribe the phone number to premium SMS services.
- Stolen or lost smart devices. Stolen or lost devices are a serious threat. Smartphones and tablets store a lot of sensitive information. Losing a device is unsettling, but if it’s full of sensitive information, it’s even worse. This problem is more relevant to small businesses that do not have the funds to secure their mobile devices. Employees of such companies usually use the same devices at work and at home, which can lead to additional threats.
- Mobile botnets. Mobile devices are powerful enough to match computers when it comes to computing power, thus are often added to botnets.
- Faked or hijacked wireless networks. The Internet has become an integral part of smart devices. Free Wi-Fi can be found in various locations like cafes, restaurants, parks, airports, etc. With the growing popularity of free public wireless networks, there is also a growing number of people who hijack these networks in order to spy on users, steal their login data, or redirect them to websites that host malware.
- Mobile Payments. Being able to pay by simply touching a smartphone to a special device seems very convenient. Most modern smartphones have the technology that allows mobile payments, but it’s still not such a popular way of paying in many parts of the world. However, it is expected to become popular in the future.
Types of mobile viruses
Malicious software for smart phones is many and varied. Some of them come attached to apps, while others spread by themselves. Compared to before, malicious software can now do more harm because mobile devices store more and more important information, the loss of which can cause significant problems.
In order to better understand the threats posed by mobile malware, let’s discuss the main malware types.
- Adware. Adware is advertising-supported software that bombards users with advertisements. It’s usually downloaded by users together with free apps. However, precisely because advertising reaches consumers and brings profit to developers, they are free. Unwanted advertisements may come in the form of a sudden pop-up window, may redirect users to promotional web pages, show ads to users who no longer use the app, etc.
- Riskware. Riskware is potentially dangerous software that usually has access to critical system resources. There are security vulnerabilities that can be exploited by malicious programs and turn riskware apps into malware. Riskware is usually detected by anti-virus programs installed on smartphones.
- Trojans. This type of malware is the most popular among online criminals. Usually, Trojans enter smartphones along with legitimate programs. Often, trojans are presented as useful programs.
- SMS Trojans. The purpose of SMS Trojans is to send increased rate SMS text messages from your smartphone. Criminals earn money from this because SMS messages are sent to service providers that are not interested in returning money for illegal messages.
- Trojan-Dropper. These programs try to pretend to be legitimate and, because antivirus software does not always detect them, they enter a device and drop a trojan. Once the Trojan-Dropper is launched, it installs a Trojan horse or a virus on the device.
- Trojan-Spy. This type of malware collects information about users (SMS messages, running applications on the phone, web browser history, location). This is done in the background and without user intervention.
- Trojan Banker. The purpose of such software is to steal user login data when connecting to inter-bank banking or electronic payment systems.
- Trojan-Downloader. Their purpose is to download other malware to the mobile device, such as other Trojans or advertising programs.
- Trojan-Ransomware. This type of malware can block access to devices, change PIN codes, etc. If a user agrees to pay a ransom, access to the device is restored.
- Backdoor. Backdoor programs create secret access to the device by bypassing all security measures. Usually, backdoor programs are installed by the developers themselves to have access to the program in case of failure. Programs of this type reduce the security of the mobile device and allow cyber criminals to include it in mobile botnet networks or other malicious activities. It should also be mentioned that backdoors are difficult to detect and remove.
How to identify malware/viruses
In order to protect your mobile device, you need to carefully choose apps you want to install. The biggest risk of getting your smartphone infected is when you download and install apps from third-party app stores. They are usually not managed by reliable companies.
Apps installed on a smartphone require certain permissions, such as access to photos, messages, read and modify certain data, etc. Before installing apps, it’s recommended to review those permissions and question whether they are actually necessary for the app to function. If a game apps requires access to your contacts, photos, etc., that should be suspicious. By not installing dubious apps that require dubious permissions, you’re avoiding a lot of malware.
Signs that malicious software may be running on your mobile device
A mobile device is like a gateway to your personal data, and malware is designed to break into your email, e-banking accounts and apps. And the more time the virus spends on the device, the more data it can steal.
Because mobile malware works in the background and does not inform the user about its functioning, here are some signs that can indicate its existence:
- More mobile Internet data is being used. Malware attempts to unnoticeably launch other apps that attempt to connect to the Internet to retrieve or leak data.
- Lagging apps. Malicious software uses a lot of mobile device resources, and what’s left is not enough for other apps to function properly.
- Unusual pop-ups in browser. Frequent pop-up ads that promote suspicious products or services may be a sign of a virus on your mobile device. Don’t open such ads.
- Increased phone bill. A sudden increase in your phone bill may be because of malicious software activity. Without your knowledge, a virus could be sending messages to premium rate numbers.
- Unwanted apps on the device. Apps downloaded by viruses are designed to look like real apps and are more difficult to identify as malicious. If you detect an app that you didn’t install on your device, you should check its authenticity. If the app looks suspicious, delete it.
- Faster battery drain. Since applications require energy, additional malware running in the background will drain the battery more quickly.
How to prevent mobile malware
It is important to realize that mobile devices equate to computers, so similar principles of information security are also valid for mobile devices. Here are 9 tips to ensure your mobile device security:
- Disconnect unused features. If you don’t use certain features, it’s best to turn them off. For example, if you are not using Bluetooth or WiFi, turn it off.
- Choose the apps you use carefully. The amount of malware that is targeting mobile devices is not the same as the number of malware created for computers, but it is increasing dramatically. Therefore, it is important to pay attention to what apps you are installing. It’s recommended to download apps from official or well-known download sites, as their owners are trying to prevent malicious software from entering the marketplace.
- Use additional security tools. There are anti-virus apps available for most smartphones. There are quite a few paid and free programs: McAfee Mobile Security & Lock, ESET Mobile Security&Antivirus, F Secure Secure TEST, Avast Mobile Security, Sophos Mobile Security, etc. They can be downloaded from mobile app stores like Google Play and the App Store, or anti-virus software sites. Some antivirus programs have additional features such as smartphone lock, remote data deletion in case device is lost/stolen.
- Use PIN code. Mobile devices can be protected by a SIM card PIN, which will prevent third parties from using your SIM card and phone number in case the device is ever lost/stolen. Furthermore, it’s also advised to lock your device with a security code. For PINs and security codes, do not use easy-to-guess number combinations, like 1234 or 0000.
- Enable encryption. If possible, enable data encryption. It the device is stolen or lost, the person using it will not be able to view the data on your phone.
- In case of theft, contact the police and your mobile service provider. Your provider will block your SIM card and the police will be able to start an investigation.
- Turn on Find my mobile (Samsung), Find My (Apple) or equivalent for you phone. This feature will allow you to locate your lost/stolen device, delete data, sound an alarm, display a message.
- Back up your data. Smart devices hold a lot of personal information that we do not want to lose. It’s recommended to regularly backup that data to avoid losing it in case device is lost/stolen, or it no longer works.
- While browsing, use a secure HTTPS connection. We regularly use our devices to connect to public WiFi, a connection that’s not exactly safe and not particularly difficult for malicious parties to intercept. Thus, it’s not recommended to check your email, log in to social media or your bank, purchase anything online, etc., when connected to public WiFi. Essentially, do not do anything that involves your personal information. If absolutely necessary to use it, make sure that a secure HTTPS protocol is used. Or just switch to 4G to do any important work or wait until you can connect to secure WiFi.